zeroclaw

harald/zeroclaw

Fork 0

Commit graph

Author	SHA1	Message	Date
Alex Gorevski	72207e3722	ci(dependabot): add Docker ecosystem monitoring (#633 ) Problem: The Dependabot configuration monitors Cargo and GitHub Actions dependencies but does not track Docker base image updates. Stale base images in the Dockerfile can accumulate unpatched vulnerabilities. Solution: Add a Docker package-ecosystem entry to dependabot.yml that proposes weekly base image updates, grouped by minor/patch, with a 3-PR concurrency limit. Labels (ci, dependencies) match the existing GitHub Actions ecosystem entry for consistent triage routing. Testing: Validated YAML syntax. Dependabot will activate automatically on the next scheduled scan after merge. Ref: zeroclaw-labs/zeroclaw#618 (item 1 — Dependency Update Automation) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-02-17 15:11:31 -05:00
Chummy	6d56a040ce	docs: strengthen collaboration governance and AGENTS engineering protocol (#263 ) * docs: harden collaboration policy and review automation * ci(docs): remove unsupported lychee --exclude-mail flag * docs(governance): reduce automation side-effects and tighten risk controls * docs(governance): add backlog pruning and supersede protocol * docs(agents): codify engineering principles and risk-tier workflow * docs(readme): add centered star history section at bottom * docs(agents): enforce privacy-safe and neutral test wording * docs(governance): enforce privacy-safe and neutral collaboration checks * fix(ci): satisfy rustfmt and discord schema test fields * docs(governance): require ZeroClaw-native identity wording * docs(agents): add ZeroClaw identity-safe naming palette * docs(governance): codify code naming and architecture contracts * docs(contributing): add naming and architecture good/bad examples * docs(pr): reduce checkbox TODOs and shift to label-first metadata * docs(pr): remove duplicate collaboration track field * ci(labeler): auto-derive module labels and expand provider hints * ci(labeler): auto-apply trusted contributor on PRs and issues * fix(ci): apply rustfmt updates from latest main * ci(labels): flatten namespaces and add contributor tiers * chore: drop stale rustfmt-only drift * ci: scope Rust and docs checks by change set * ci: exclude non-markdown docs from docs-quality targets * ci: satisfy actionlint shellcheck output style * ci(labels): auto-correct manual contributor tier edits * ci(labeler): auto-correct risk label edits * ci(labeler): auto-correct size label edits --------- Co-authored-by: Chummy <183474434+chumyin@users.noreply.github.com>	2026-02-16 05:59:04 -05:00

Author

SHA1

Message

Date

Alex Gorevski

72207e3722

ci(dependabot): add Docker ecosystem monitoring (#633 )

Problem: The Dependabot configuration monitors Cargo and GitHub Actions
dependencies but does not track Docker base image updates. Stale base
images in the Dockerfile can accumulate unpatched vulnerabilities.

Solution: Add a Docker package-ecosystem entry to dependabot.yml that
proposes weekly base image updates, grouped by minor/patch, with a
3-PR concurrency limit. Labels (ci, dependencies) match the existing
GitHub Actions ecosystem entry for consistent triage routing.

Testing: Validated YAML syntax. Dependabot will activate automatically
on the next scheduled scan after merge.

Ref: zeroclaw-labs/zeroclaw#618 (item 1 — Dependency Update Automation)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-02-17 15:11:31 -05:00

Chummy

6d56a040ce

docs: strengthen collaboration governance and AGENTS engineering protocol (#263 )

* docs: harden collaboration policy and review automation

* ci(docs): remove unsupported lychee --exclude-mail flag

* docs(governance): reduce automation side-effects and tighten risk controls

* docs(governance): add backlog pruning and supersede protocol

* docs(agents): codify engineering principles and risk-tier workflow

* docs(readme): add centered star history section at bottom

* docs(agents): enforce privacy-safe and neutral test wording

* docs(governance): enforce privacy-safe and neutral collaboration checks

* fix(ci): satisfy rustfmt and discord schema test fields

* docs(governance): require ZeroClaw-native identity wording

* docs(agents): add ZeroClaw identity-safe naming palette

* docs(governance): codify code naming and architecture contracts

* docs(contributing): add naming and architecture good/bad examples

* docs(pr): reduce checkbox TODOs and shift to label-first metadata

* docs(pr): remove duplicate collaboration track field

* ci(labeler): auto-derive module labels and expand provider hints

* ci(labeler): auto-apply trusted contributor on PRs and issues

* fix(ci): apply rustfmt updates from latest main

* ci(labels): flatten namespaces and add contributor tiers

* chore: drop stale rustfmt-only drift

* ci: scope Rust and docs checks by change set

* ci: exclude non-markdown docs from docs-quality targets

* ci: satisfy actionlint shellcheck output style

* ci(labels): auto-correct manual contributor tier edits

* ci(labeler): auto-correct risk label edits

* ci(labeler): auto-correct size label edits

---------

Co-authored-by: Chummy <183474434+chumyin@users.noreply.github.com>

2026-02-16 05:59:04 -05:00

2 commits